Re: [Sks-devel] Blank initial DB


From: Jeremy T. Bouse
Subject: Re: [Sks-devel] Blank initial DB
Date: Sun, 22 Jan 2017 02:02:43 -0500
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0

On 1/22/2017 1:09 AM, Phil Pennock wrote:
> On 2017-01-22 at 00:30 -0500, Jeremy T. Bouse wrote:
>>     As I've been working to rebuild my cluster I've been looking to try
>> and implement a CI/CD setup to test before rolling out changes... Rather
>> than having to import a full keydump for testing and validation anyone
>> got an idea of how to create a blank or smaller subset keydump to import
>> to run tests against? I ask as the sks db and recon processes won't
>> start without a DB imported so have to have something to be able to
>> start the process to confirm everything is starting up and operating as
>> expected.
> Export the keys you want as keys, from your favourite PGP client.
>
> The key-dumps are just keys in normal keyring format.
>
> You can invoke `gpg --list-packets < foo-0000.pgp | less` against them,
> to see what's in them.
>
> So `gpg --export $keys_of_interest > minimal.pgp` should work.  Or just
> use `gpg --export > minimal.pgp` to use your entire local keyring.
>
> Note that if such a minimal SKS tries to peer with a fully-loaded SKS,
> it will cause high CPU load and memory consumption on your peer, so
> please, don't get blacklisted.  :)
>
> -Phil
Phil,

    Thanks, I figured it was something trivial to build a sample set and
I just didn't seem to see how to do it. I definitely don't intend for
this to be anything that is peered with any other systems, except maybe
within an isolated test environment.

    In the interest of full disclosure and clarity, I'm working to rebuild
much of my infrastructure using Docker containers. As such I'm in the
process of working on building a lot of it. I've got a Jenkins server
that I can trigger the builds when I commit changes but I'm still having
to test manually. My question was in the interest of creating a minimal
sample test set of keys that would be quick to test the initial import
functionality so that it provides a working DB that the sks process
itself can start up. Right now having to have a copy of a full keydump
and import it for testing is slow.

    Attached is a rough drawing of what I'm working to set up. I've got a
cluster of Docker hosts running in swarm mode. I'm running multiple SKS
containers with only 11370/tcp exposed for gossip peer connections and
then multiple Nginx containers with 80/tcp, 443/tcp and 11371/tcp
exposed. The Nginx containers are then configured to use the swarm mesh
routing DNS to proxy traffic on 11371/tcp back to the SKS containers for
the /pks location while handling the static web page UI internally. Each
SKS node is configured with my peers and with the cluster itself
ensuring they are all closely in sync.

    The containers are started as Docker swarm services so if they fail
and crash they should restart to ensure that they are always running.  I
may at a later date also see about adding a Tor hidden service running
as a container within the cluster as well and redirect traffic to Nginx
via the container linkage but that will be a project for a later date.

Attachment: sks-docker.png
Description: PNG image

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
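
An added example, not part of the original messages or of SKS: since the key-dumps are just keys in normal keyring format, a CI job can sanity-check a minimal dump by walking its OpenPGP packet headers (RFC 4880 framing) and counting keys before the import step. The function names and the sample bytes are assumptions constructed for illustration; the sample bodies are dummies, not real key material.

```python
import struct
from collections import Counter

# OpenPGP packet tags (RFC 4880, section 4.3) that normally appear in a keyring.
TAG_NAMES = {2: "signature", 6: "public-key", 13: "user-id",
             14: "public-subkey", 17: "user-attribute"}

def iter_packets(data):
    """Yield (tag, body) for each packet in a binary (non-armored) keyring."""
    pos = 0
    while pos < len(data):
        first, pos = data[pos], pos + 1
        if not first & 0x80:
            raise ValueError(f"offset {pos - 1}: not an OpenPGP packet header")
        if first & 0x40:                      # new-format header
            tag = first & 0x3F
            o1 = data[pos]
            if o1 < 192:                      # one-octet length
                length, pos = o1, pos + 1
            elif o1 < 224:                    # two-octet length
                length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o1 == 255:                   # five-octet length
                length, pos = struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5
            else:
                raise ValueError("partial body length is not valid for key packets")
        else:                                 # old-format header
            tag = (first >> 2) & 0x0F
            size = {0: 1, 1: 2, 2: 4}.get(first & 0x03)
            if size is None:
                raise ValueError("indeterminate-length packet in keyring")
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        if pos + length > len(data):
            raise ValueError("truncated packet: dump is incomplete")
        yield tag, data[pos:pos + length]
        pos += length

def summarize(data):
    """Count packets by type; 'public-key' is the number of keys in the dump."""
    return dict(Counter(TAG_NAMES.get(tag, f"tag-{tag}")
                        for tag, _ in iter_packets(data)))

# Constructed sample: valid packet framing around dummy bodies.
SAMPLE = (bytes([0x99, 0x00, 0x04]) + b"\x04KEY"   # old format, tag 6, 2-octet length
          + bytes([0xB4, 0x05]) + b"alice"         # old format, tag 13, 1-octet length
          + bytes([0xC2, 0x03]) + b"sig"           # new format, tag 2
          + bytes([0xC6, 0x02]) + b"\x04k"         # new format, tag 6
          + bytes([0xCD, 0x03]) + b"bob")          # new format, tag 13
```

In a pipeline, pass the bytes of `minimal.pgp` to `summarize` and fail the build if it raises or reports no `public-key` packets.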

